36d21cadec79f898dd327d2b2beb58e8
PE Executable | MD5: 36d21cadec79f898dd327d2b2beb58e8 | Size: 568.32 KB | application/x-dosexec
Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 36d21cadec79f898dd327d2b2beb58e8
|
| Sha1 | af6eaf12c4a3c05fc43d2968914647e15c02dd86
|
| Sha256 | 899b268e756f5158f6707e76e15e0af4ab9a6a09953274ee1b549666f3cf2f12
|
| Sha384 | 7c67358f44031877bfd7d3cf4ab2742707cc87486e845fec445a644bde6982352de55d0e0864e4a34cdda1db81195ef3
|
| Sha512 | d8981b465fd05fe95df0d387bd0480acf6becf86b51c1a65abf716de7828c19aba5dfb2db564305c5caf776155bf270a397ee4fe40b3dd63fe1157433ebac244
|
| SSDeep | 12288:rlp3pcj01ERk8lR9K9yotHrizHBoQsq7xPXs1GvKypejzIhhM9LG:rlp3pwDQy2LoBoX8dXs1mpeXMhM9
|
| TLSH | 16C412877AC49361C6106ABAC0D3643943E7F69B2A73E3463A9413D51D50BF0DDAABCC
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Gpjhhdjp.exe |
| Full Name | Gpjhhdjp.exe |
| EntryPoint | System.Void A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW::BfhEy5pWD() |
| Scope Name | Gpjhhdjp.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Gpjhhdjp |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 39 |
| Main Method | System.Void A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW::BfhEy5pWD() |
| Main IL Instruction Count | 89 |
| Main IL | ldc.i4 3 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 991 beq IL_0009: ldloc V_1 br IL_0035: ldsfld jsqpWEUin9P1lySuE5r jsqpWEUin9P1lySuE5r::bvhUk8V7TR ldsfld jsqpWEUin9P1lySuE5r jsqpWEUin9P1lySuE5r::bvhUk8V7TR call System.Void jsqpWEUin9P1lySuE5r::puwUpUHEPa(jsqpWEUin9P1lySuE5r) ldc.i4 0 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_9bd7b6a1b365427c80b1052f54b08146 brtrue IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) pop <null> ldc.i4 1 br IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) ldsfld gVGq8pUMwMn9tiNdmCT gVGq8pUMwMn9tiNdmCT::EZWUwuyNtt call System.Void gVGq8pUMwMn9tiNdmCT::puwUpUHEPa(gVGq8pUMwMn9tiNdmCT) ldc.i4 2 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_763c37a4d12a4c3e943db0786b9a4608 brtrue IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) pop <null> ldc.i4 3 br IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) ret <null> nop <null> ldsfld System.Threading.ThreadStart A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c::Ho6pBtP8D dup <null> brtrue IL_00FC: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldc.i4 0 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_3c95fa017ee94a12abc6db89bcae7c7d brtrue IL_00C6: switch(IL_00E6,IL_012A) pop <null> ldc.i4 0 br IL_00C6: switch(IL_00E6,IL_012A) br IL_00C2: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 989 beq IL_00C2: ldloc V_2 br IL_00E6: ldsfld A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c::XJW3DmTt2 ldsfld A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c::XJW3DmTt2 ldftn System.Void A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c::HHLAK0f4r() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c::Ho6pBtP8D newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) ldsfld CoJROkUW0x9ruhTWm20 CoJROkUW0x9ruhTWm20::TJLUaoUNSB call System.Void CoJROkUW0x9ruhTWm20::puwUpUHEPa(System.Object,CoJROkUW0x9ruhTWm20) ldc.i4 1 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_59ef09649ccd474699f95f43107407b8 brtrue IL_00C6: switch(IL_00E6,IL_012A) pop <null> ldc.i4 3 br IL_00C6: switch(IL_00E6,IL_012A) leave IL_0035: ldsfld jsqpWEUin9P1lySuE5r jsqpWEUin9P1lySuE5r::bvhUk8V7TR pop <null> ldc.i4 5 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_b4d2ba96051f42ecb0400b21c119a58b brtrue IL_0161: switch(IL_017D) pop <null> ldc.i4 0 br IL_0161: switch(IL_017D) br IL_015D: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq IL_015D: ldloc V_0 br IL_017D: leave IL_0035 leave IL_0035: ldsfld jsqpWEUin9P1lySuE5r jsqpWEUin9P1lySuE5r::bvhUk8V7TR ldc.i4 6 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_90de52b4abd3463283353f167d3f3af1 brfalse IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) pop <null> ldc.i4 0 br IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) |
| Module Name | Gpjhhdjp.exe |
| Full Name | Gpjhhdjp.exe |
| EntryPoint | System.Void A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW::BfhEy5pWD() |
| Scope Name | Gpjhhdjp.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Gpjhhdjp |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 39 |
| Main Method | System.Void A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW::BfhEy5pWD() |
| Main IL Instruction Count | 89 |
| Main IL | ldc.i4 3 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 991 beq IL_0009: ldloc V_1 br IL_0035: ldsfld jsqpWEUin9P1lySuE5r jsqpWEUin9P1lySuE5r::bvhUk8V7TR ldsfld jsqpWEUin9P1lySuE5r jsqpWEUin9P1lySuE5r::bvhUk8V7TR call System.Void jsqpWEUin9P1lySuE5r::puwUpUHEPa(jsqpWEUin9P1lySuE5r) ldc.i4 0 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_9bd7b6a1b365427c80b1052f54b08146 brtrue IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) pop <null> ldc.i4 1 br IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) ldsfld gVGq8pUMwMn9tiNdmCT gVGq8pUMwMn9tiNdmCT::EZWUwuyNtt call System.Void gVGq8pUMwMn9tiNdmCT::puwUpUHEPa(gVGq8pUMwMn9tiNdmCT) ldc.i4 2 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_763c37a4d12a4c3e943db0786b9a4608 brtrue IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) pop <null> ldc.i4 3 br IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) ret <null> nop <null> ldsfld System.Threading.ThreadStart A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c::Ho6pBtP8D dup <null> brtrue IL_00FC: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldc.i4 0 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_3c95fa017ee94a12abc6db89bcae7c7d brtrue IL_00C6: switch(IL_00E6,IL_012A) pop <null> ldc.i4 0 br IL_00C6: switch(IL_00E6,IL_012A) br IL_00C2: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 989 beq IL_00C2: ldloc V_2 br IL_00E6: ldsfld A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c::XJW3DmTt2 ldsfld A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c::XJW3DmTt2 ldftn System.Void A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c::HHLAK0f4r() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart A67dbYHk9F8MCoH1nd.FFtInBneoeb7m3wOdW/<>c::Ho6pBtP8D newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) ldsfld CoJROkUW0x9ruhTWm20 CoJROkUW0x9ruhTWm20::TJLUaoUNSB call System.Void CoJROkUW0x9ruhTWm20::puwUpUHEPa(System.Object,CoJROkUW0x9ruhTWm20) ldc.i4 1 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_59ef09649ccd474699f95f43107407b8 brtrue IL_00C6: switch(IL_00E6,IL_012A) pop <null> ldc.i4 3 br IL_00C6: switch(IL_00E6,IL_012A) leave IL_0035: ldsfld jsqpWEUin9P1lySuE5r jsqpWEUin9P1lySuE5r::bvhUk8V7TR pop <null> ldc.i4 5 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_b4d2ba96051f42ecb0400b21c119a58b brtrue IL_0161: switch(IL_017D) pop <null> ldc.i4 0 br IL_0161: switch(IL_017D) br IL_015D: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 988 beq IL_015D: ldloc V_0 br IL_017D: leave IL_0035 leave IL_0035: ldsfld jsqpWEUin9P1lySuE5r jsqpWEUin9P1lySuE5r::bvhUk8V7TR ldc.i4 6 ldsfld <Module>{bd5c539f-11bc-46f2-b436-51243b51467b} <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_62826713b60446a6bc78cd7721cda92a ldfld System.Int32 <Module>{bd5c539f-11bc-46f2-b436-51243b51467b}::m_90de52b4abd3463283353f167d3f3af1 brfalse IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) pop <null> ldc.i4 0 br IL_000D: switch(IL_0035,IL_0087,IL_0088,IL_005E) |